From a3e809f6e416ba4be51d80491df5317cdbfcd543 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Sun, 10 Nov 2024 16:02:31 +0100 Subject: [PATCH] Assigned RUSTSEC-2023-0087 to simd-json-derive (#2126) Co-authored-by: amousset <329388+amousset@users.noreply.github.com> --- .duplicate-id-guard | 2 +- .../{RUSTSEC-0000-0000.md => RUSTSEC-2023-0087.md} | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) rename crates/simd-json-derive/{RUSTSEC-0000-0000.md => RUSTSEC-2023-0087.md} (95%) diff --git a/.duplicate-id-guard b/.duplicate-id-guard index bf8ef3969..172b1af2a 100644 --- a/.duplicate-id-guard +++ b/.duplicate-id-guard @@ -1,3 +1,3 @@ This file causes merge conflicts if two ID assignment jobs run concurrently. This prevents duplicate ID assignment due to a race between those jobs. -7c4dd59d9b0c868406fb44dbd1232b8e9085a5a863794b986a8cbd9ccac8b49c - +bce67f0e5542ba57284b5f5636ac4da80340ff92fb47da55ed7992d89499f3ac - diff --git a/crates/simd-json-derive/RUSTSEC-0000-0000.md b/crates/simd-json-derive/RUSTSEC-2023-0087.md similarity index 95% rename from crates/simd-json-derive/RUSTSEC-0000-0000.md rename to crates/simd-json-derive/RUSTSEC-2023-0087.md index a0301b972..22f999be3 100644 --- a/crates/simd-json-derive/RUSTSEC-0000-0000.md +++ b/crates/simd-json-derive/RUSTSEC-2023-0087.md @@ -1,7 +1,7 @@ ```toml [advisory] -id = "RUSTSEC-0000-0000" +id = "RUSTSEC-2023-0087" package = "simd-json-derive" 
@@ -25,4 +25,4 @@ patched = [">= 0.12.0"] An invalid use of `MaybeUninit::uninit().assume_init()` in `simd-json-derive`'s derive macro can cause undefined behavior. The original code used `MaybeUninit` to avoid initialisation of the struct and then set the fields using `ptr::write`. The undefined behavior triggered by this misuse of `MaybeUninit` can lead to invlaid memory access and panics in binaries compiled in release mode (aka simd-json-derive prior to version 0.12 has UB and optimizes into some nonsense) -The `0.12.0` removes this section of code, avoiding the use of MaybeUninit alltogether. \ No newline at end of file +The `0.12.0` removes this section of code, avoiding the use of MaybeUninit alltogether.
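Review bot: in the `[advisory]` hunk of `RUSTSEC-2023-0087.md`, the new `id = "RUSTSEC-2023-0087"` carries the year 2023 while this assignment commit is dated 10 Nov 2024, and the advisory's `date` field is outside the visible context, so the match between the two cannot be checked from this diff. Confirm that the `date` in the file's front matter falls in 2023 before merging. Otherwise the identifier will mislead anyone who sorts or filters advisories by year.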
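Review bot: in the description hunk (`@@ -25,4 +25,4 @@`), the unchanged context still has "invlaid" for "invalid", and the line being re-added keeps "alltogether" and the noun-less "The `0.12.0` removes". That last line is already rewritten here to add the trailing newline, so it could become "Version `0.12.0` removes this section of code, avoiding the use of `MaybeUninit` altogether." in the same change. The parenthetical "(aka simd-json-derive prior to version 0.12 has UB and optimizes into some nonsense)" would read better as a plain statement of the affected range, consistent with `patched = [">= 0.12.0"]`, since this text is what users see in audit output.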